test/parallel/test-https-client-checkServerIdentity.js

'use strict';
const common = require('../common');
const assert = require('assert');

if (!common.hasCrypto) {
  common.skip('missing crypto');
  return;
}
const https = require('https');

const fs = require('fs');
const path = require('path');

const options = {
  key: fs.readFileSync(path.join(common.fixturesDir, 'keys/agent3-key.pem')),
  cert: fs.readFileSync(path.join(common.fixturesDir, 'keys/agent3-cert.pem'))
};

const server = https.createServer(options, common.mustCall(function(req, res) {
  res.writeHead(200);
  res.end();
  req.resume();
})).listen(0, function() {
  authorized();
});

function authorized() {
  const req = https.request({
    port: server.address().port,
    rejectUnauthorized: true,
    ca: [fs.readFileSync(path.join(common.fixturesDir, 'keys/ca2-cert.pem'))]
  }, common.fail);
  req.on('error', function(err) {
    override();
  });
  req.end();
}

function override() {
  const options = {
    port: server.address().port,
    rejectUnauthorized: true,
    ca: [fs.readFileSync(path.join(common.fixturesDir, 'keys/ca2-cert.pem'))],
    checkServerIdentity: function(host, cert) {
      return false;
    }
  };
  options.agent = new https.Agent(options);
  const req = https.request(options, function(res) {
    assert(req.socket.authorized);
    server.close();
  });
  req.on('error', function(err) {
    throw err;
  });
  req.end();
}
test: enable linting for tests Enable linting for the test directory. A number of changes was made so all tests conform the current rules used by lib and src directories. The only exception for tests is that unreachable (dead) code is allowed. test-fs-non-number-arguments-throw had to be excluded from the changes because of a weird issue on Windows CI. PR-URL: https://github.com/nodejs/io.js/pull/1721 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> 2015-05-19 13:00:06 +02:00			`'use strict';`
test: use const for all require() calls PR-URL: https://github.com/nodejs/node/pull/10550 Reviewed-By: Rich Trott <rtrott@gmail.com> 2016-12-30 18:38:06 -05:00			`const common = require('../common');`
			`const assert = require('assert');`
test: refactor all tests that depends on crypto we had a few ways versions of looking for support before executing a test. this commit unifies them as well as add the check for all tests that previously lacked them. found by running `./configure --without-ssl && make test`. also, produce tap skip output if the test is skipped. PR-URL: https://github.com/iojs/io.js/pull/1049 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2015-03-04 12:11:21 +11:00
			`if (!common.hasCrypto) {`
test: abstract skip functionality to common The tap skipping output is so prevalent yet obscure in nature that we ought to move it into it's own function in test/common.js PR-URL: https://github.com/nodejs/node/pull/6697 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> 2016-05-11 15:34:52 -04:00			`common.skip('missing crypto');`
test: changing process.exit to return while skipping tests This patch uses `return` statement to skip the test instead of using `process.exit` call. PR-URL: https://github.com/nodejs/io.js/pull/2109 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Johan Bergström <bugs@bergstroem.nu> 2015-07-07 20:55:55 +05:30			`return;`
test: refactor all tests that depends on crypto we had a few ways versions of looking for support before executing a test. this commit unifies them as well as add the check for all tests that previously lacked them. found by running `./configure --without-ssl && make test`. also, produce tap skip output if the test is skipped. PR-URL: https://github.com/iojs/io.js/pull/1049 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2015-03-04 12:11:21 +11:00			`}`
test: use const for all require() calls PR-URL: https://github.com/nodejs/node/pull/10550 Reviewed-By: Rich Trott <rtrott@gmail.com> 2016-12-30 18:38:06 -05:00			`const https = require('https');`
test: refactor all tests that depends on crypto we had a few ways versions of looking for support before executing a test. this commit unifies them as well as add the check for all tests that previously lacked them. found by running `./configure --without-ssl && make test`. also, produce tap skip output if the test is skipped. PR-URL: https://github.com/iojs/io.js/pull/1049 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2015-03-04 12:11:21 +11:00
test: use const for all require() calls PR-URL: https://github.com/nodejs/node/pull/10550 Reviewed-By: Rich Trott <rtrott@gmail.com> 2016-12-30 18:38:06 -05:00			`const fs = require('fs');`
			`const path = require('path');`
tls: `checkServerIdentity` option Allow overriding `checkServerIdentity` function, when connecting to a TLS server. Reviewed-By: Fedor Indutny <fedor@indutny.com> 2014-09-05 09:56:55 -05:00
test: use eslint to fix var->const/let Manually fix issues that eslint --fix couldn't do automatically. PR-URL: https://github.com/nodejs/node/pull/10685 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> 2017-01-08 13:19:00 +00:00			`const options = {`
tls: `checkServerIdentity` option Allow overriding `checkServerIdentity` function, when connecting to a TLS server. Reviewed-By: Fedor Indutny <fedor@indutny.com> 2014-09-05 09:56:55 -05:00			`key: fs.readFileSync(path.join(common.fixturesDir, 'keys/agent3-key.pem')),`
			`cert: fs.readFileSync(path.join(common.fixturesDir, 'keys/agent3-cert.pem'))`
			`};`

test: use eslint to fix var->const/let Manually fix issues that eslint --fix couldn't do automatically. PR-URL: https://github.com/nodejs/node/pull/10685 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> 2017-01-08 13:19:00 +00:00			`const server = https.createServer(options, common.mustCall(function(req, res) {`
tls: `checkServerIdentity` option Allow overriding `checkServerIdentity` function, when connecting to a TLS server. Reviewed-By: Fedor Indutny <fedor@indutny.com> 2014-09-05 09:56:55 -05:00			`res.writeHead(200);`
			`res.end();`
			`req.resume();`
test: use mustCall() for simple flow tracking Many of the tests use variables to track when callback functions are invoked or events are emitted. These variables are then asserted on process exit. This commit replaces this pattern in straightforward cases with common.mustCall(). This makes the tests easier to reason about, leads to a net reduction in lines of code, and uncovered a few bugs in tests. This commit also replaces some callbacks that should never be called with common.fail(). PR-URL: https://github.com/nodejs/node/pull/7753 Reviewed-By: Wyatt Preul <wpreul@gmail.com> Reviewed-By: Minwoo Jung <jmwsoft@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> 2016-07-15 15:43:24 -04:00			`})).listen(0, function() {`
tls: `checkServerIdentity` option Allow overriding `checkServerIdentity` function, when connecting to a TLS server. Reviewed-By: Fedor Indutny <fedor@indutny.com> 2014-09-05 09:56:55 -05:00			`authorized();`
			`});`

			`function authorized() {`
test: use eslint to fix var->const/let Manually fix issues that eslint --fix couldn't do automatically. PR-URL: https://github.com/nodejs/node/pull/10685 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> 2017-01-08 13:19:00 +00:00			`const req = https.request({`
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 2016-05-29 03:06:56 -04:00			`port: server.address().port,`
tls: `checkServerIdentity` option Allow overriding `checkServerIdentity` function, when connecting to a TLS server. Reviewed-By: Fedor Indutny <fedor@indutny.com> 2014-09-05 09:56:55 -05:00			`rejectUnauthorized: true,`
			`ca: [fs.readFileSync(path.join(common.fixturesDir, 'keys/ca2-cert.pem'))]`
test: use mustCall() for simple flow tracking Many of the tests use variables to track when callback functions are invoked or events are emitted. These variables are then asserted on process exit. This commit replaces this pattern in straightforward cases with common.mustCall(). This makes the tests easier to reason about, leads to a net reduction in lines of code, and uncovered a few bugs in tests. This commit also replaces some callbacks that should never be called with common.fail(). PR-URL: https://github.com/nodejs/node/pull/7753 Reviewed-By: Wyatt Preul <wpreul@gmail.com> Reviewed-By: Minwoo Jung <jmwsoft@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> 2016-07-15 15:43:24 -04:00			`}, common.fail);`
test: enable linting for tests Enable linting for the test directory. A number of changes was made so all tests conform the current rules used by lib and src directories. The only exception for tests is that unreachable (dead) code is allowed. test-fs-non-number-arguments-throw had to be excluded from the changes because of a weird issue on Windows CI. PR-URL: https://github.com/nodejs/io.js/pull/1721 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> 2015-05-19 13:00:06 +02:00			`req.on('error', function(err) {`
tls: `checkServerIdentity` option Allow overriding `checkServerIdentity` function, when connecting to a TLS server. Reviewed-By: Fedor Indutny <fedor@indutny.com> 2014-09-05 09:56:55 -05:00			`override();`
			`});`
			`req.end();`
			`}`

			`function override() {`
test: use eslint to fix var->const/let Manually fix issues that eslint --fix couldn't do automatically. PR-URL: https://github.com/nodejs/node/pull/10685 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> 2017-01-08 13:19:00 +00:00			`const options = {`
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 2016-05-29 03:06:56 -04:00			`port: server.address().port,`
tls: `checkServerIdentity` option Allow overriding `checkServerIdentity` function, when connecting to a TLS server. Reviewed-By: Fedor Indutny <fedor@indutny.com> 2014-09-05 09:56:55 -05:00			`rejectUnauthorized: true,`
			`ca: [fs.readFileSync(path.join(common.fixturesDir, 'keys/ca2-cert.pem'))],`
test: enable linting for tests Enable linting for the test directory. A number of changes was made so all tests conform the current rules used by lib and src directories. The only exception for tests is that unreachable (dead) code is allowed. test-fs-non-number-arguments-throw had to be excluded from the changes because of a weird issue on Windows CI. PR-URL: https://github.com/nodejs/io.js/pull/1721 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> 2015-05-19 13:00:06 +02:00			`checkServerIdentity: function(host, cert) {`
tls: `checkServerIdentity` option Allow overriding `checkServerIdentity` function, when connecting to a TLS server. Reviewed-By: Fedor Indutny <fedor@indutny.com> 2014-09-05 09:56:55 -05:00			`return false;`
			`}`
			`};`
			`options.agent = new https.Agent(options);`
test: use eslint to fix var->const/let Manually fix issues that eslint --fix couldn't do automatically. PR-URL: https://github.com/nodejs/node/pull/10685 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> 2017-01-08 13:19:00 +00:00			`const req = https.request(options, function(res) {`
tls: `checkServerIdentity` option Allow overriding `checkServerIdentity` function, when connecting to a TLS server. Reviewed-By: Fedor Indutny <fedor@indutny.com> 2014-09-05 09:56:55 -05:00			`assert(req.socket.authorized);`
			`server.close();`
			`});`
test: enable linting for tests Enable linting for the test directory. A number of changes was made so all tests conform the current rules used by lib and src directories. The only exception for tests is that unreachable (dead) code is allowed. test-fs-non-number-arguments-throw had to be excluded from the changes because of a weird issue on Windows CI. PR-URL: https://github.com/nodejs/io.js/pull/1721 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> 2015-05-19 13:00:06 +02:00			`req.on('error', function(err) {`
tls: `checkServerIdentity` option Allow overriding `checkServerIdentity` function, when connecting to a TLS server. Reviewed-By: Fedor Indutny <fedor@indutny.com> 2014-09-05 09:56:55 -05:00			`throw err;`
			`});`
			`req.end();`
			`}`